Your configuration should have just one piece of information. Maybe two, if the first piece of information is encrypted. If it needs anything more, then there is something seriously wrong with the libraries/frameworks you are using, or you are misusing configuration files.

A configuration file has exactly one purpose. It exists to supply the information that cannot be known by your application at compile time, and cannot be acquired after launch. If something is known before compilation, then it should be compiled into the application. If something changes while the application is running or is chosen by a user, then it should be supplied as a runtime dependency. What information falls outside of those two types of information? The one piece of data that you need to get access to the remainder of that information, the data source.

Therefore, your configuration should contain just the means to connect your application to its source of data, and nothing else. Everything else should be compiled into the application or provided by the source of data.

Why you should NOT put anything else in the config files

1. Only code and build tooling should live in source control

Source control should manage the source code of your application. Source control should know nothing about your deployment environment. Open source developers know this fact intimately, since it’s a major security risk to ever put a piece of information about their environment in their repositories. The same principle is applicable to closed-source development.

2. Settings change for different reasons than the software

The source code for an application typically changes as features are added/removed/changed. This work is done by developers. Business people care about A/B tests, feature flags, and the impact to the bottom line. Operations people care about changing connection strings, credentials, encryption certificates, and deployment templates. Since these change for different reasons, there should be no need to go through the development pipeline to make these non-software changes.

3. Minimize the impact of outages

Your system should be setup so that outages in any environment can be addressed rapidly. Switching to an alternative service instance or database server must be quick and painless. It shouldn’t necessitate going through the entire development pipeline. The ideal is to change a single value in your deployment environment and reboot the application instances.

4. Merge detection does not work well with many configs

This is one of my personal reasons for hating Enterprise configs. Merge tools often cannot correctly determine what constitutes a changed config section, and so it detects many more merge collisions than actually exist. When you have 6+ config transforms, this is a huge time sink. It costs the business piles of money, and significantly hurts developer morale.

5. Compliance/auditing/traceability

The risk of changing configuration values, connections, certificates, credentials and so forth is a very different kind of risk than the risk of changing the behavior of the software. If your company follows proper change control procedures, then software changes must be tracked and approved. By having the added noise of source code changes for non-behavior changes, and the hidden coupling of changing behavior and operations integrations simultaneously, change control is diluted substantially.

I definitely encourage you to make your applications configurable. It should be easy for each stakeholder and user to easily change the things that are important to them. Just don’t put any of those in the config files. Your config file should only provide your application with something it couldn’t know before compile time and can’t get after launching.